Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2015-7450, CVE-2015-2017, CVE-2015-4872, CVE-2015-4734, CVE-2015-5006)

Summary

WebSphere Application Server is shipped as a component of IBM Business Process Manager and WebSphere Lombardi Edition. Information about security vulnerabilities affecting WebSphere Application Server has been published in security bulletins.

Vulnerability Details

Please consult the security bulletins

• Security Bulletin: HTTP response splitting attack in WebSphere Application Server (CVE-2015-2017)
• Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server October 2015 CPU (CVE-2015-4872, CVE-2015-4734, CVE-2015-5006)
• Security Bulletin: Vulnerability in Apache Commons affects IBM WebSphere Application Server (CVE-2015-7450)
  for vulnerability details and information about fixes.

Affected Products and Versions

• • IBM Business Process Manager V7.5.x through V8.5.6.0
• WebSphere Lombardi Edition V7.2.0.x

For_ earlier unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product._

Workarounds and Mitigations

None